Written on Saturday, January 27, 2007 by Gemini

Remember those invisible ink kits from when you were a kid? You'd write a secret message that no one could see unless they had a black light or the decoder marker. The digital equivalent of invisible ink is steganography software, apps that embed files and data inside other files, hidden from everyone who doesn't know any better.

You don't have to be a trained spy plotting international espionage to put steganography to good use. With some free tools for both the Mac and PC, you can embed secret information in image, PDF, HTML and MP3 files for fun or profit.

Why stego?

Unlike encryption, which obscures data in such a way that it's obvious someone's keeping something from listeners-in (and therefore heightens interest in that info), stego techniques offer no hint to the outsider that there's any private data contained within the visible file. Like hiding your valuables from burglars in an empty cereal box in your kitchen cabinet, steganography keeps the existence of the secret item from everyone but those in the know.

In fact, right here in this Lifehacker logo image, there's a message hidden for you:

Here's how to go about decoding it.

Hide in Picture (Windows)

The free Hide in Picture (Windows only) embeds files into GIF or BMP images, and lets you set a password to retrieve the hidden file. The Hide in Picture interface is barebones, as you can see:

Use Hide in Picture to decode the message hidden in the image above. (Hint: the password is lhacker.)

Other free Windows tools offer more filetype support. wbStego can encode and decode files in PDFs, HTML files or bitmaps. mp3stego embeds text inside MP3 files (command-line and GUI interfaces available). Here are more Windows stego software options. Be warned: while all of these tools work, none of them will win awards for being good-looking.

Pict Encrypt (Mac)

Similarly, the free Pict Encrypt (Mac only, thanks, Mirko!) adds text to GIF, JPEG, TIFF, PNG and MacPICT images, locks it with a password, and saves the file with hidden data as a PICT file. Its interface is a simple, barebones wizard that leads you through the encrypt and decrypt process. One difference between Pict Encrypt and Hide in Picture is that you don't embed another file; you actually enter your secret text into the Pict Encrypt wizard, as shown.

Finally, for those of you comfortable on the command line, reader Jason H. writes in with a nifty stego trick using built-in tools. The premise of this technique is to append a .zip file to the end of a .gif file, resulting in a file which is readable by both .gif programs and .zip programs.

Jason explains why this works:

It works because .gif files keep all of their information in the headers, while .zip files keep them in the footer. Since that's the case, .gif viewers read from the front of the file, while .zip readers read from the end.

Here's how to combine your .gif and .zip. At the Windows prompt use this command:

copy /B source.gif+source.zip target.gif

Or in Linux/Mac:

cat somefile.zip >> somefile.gif

The problem with this method is that not all zip programs can extract the resulting file. When I tried, both 7-Zip and Windows built-in extraction failed, but WinRAR handled it just fine. Still, that's something the intended recipient should know. For double super-duper security, password the zip file that you hide inside the image. WinRAR and 7-Zip both let you add passwords to a zip archive.
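Seen from the receiving side, the appended-archive trick above is easy to check for. The following Python sketch is an added example, not part of the original article: it walks the GIF block structure to find where the image really ends, then reports any bytes after the trailer and lists ZIP members found there. The function names and the 35-byte sample GIF are constructed for illustration.

```python
import io
import zipfile

# Constructed sample: a minimal 1x1 GIF (35 bytes), not taken from the article.
MINIMAL_GIF = bytes.fromhex("474946383961" "01000100800000" "000000ffffff"
                            "2c000000000100010000" "02" "024401" "00" "3b")

def skip_sub_blocks(data, pos):  # returns offset after the 0x00 terminator
    while data[pos] != 0:
        pos += 1 + data[pos]                     # size byte + that many bytes
    return pos + 1

def color_table_len(packed):  # byte length of a color table, 0 if absent
    return 3 * 2 ** ((packed & 0x07) + 1) if packed & 0x80 else 0

def gif_end_offset(data):
    """Walk the GIF blocks and return the offset just past the trailer byte."""
    if data[:6] not in (b"GIF87a", b"GIF89a"):
        raise ValueError("not a GIF")
    try:
        pos = 13 + color_table_len(data[10])     # header + screen descriptor
        while data[pos] != 0x3B:                 # 0x3B = trailer
            if data[pos] == 0x21:                # extension: label, sub-blocks
                pos = skip_sub_blocks(data, pos + 2)
            elif data[pos] == 0x2C:              # image descriptor
                pos += 10 + color_table_len(data[pos + 9])
                pos = skip_sub_blocks(data, pos + 1)  # +1: LZW code size
            else:
                raise ValueError("unknown block at offset %d" % pos)
        return pos + 1
    except IndexError:
        raise ValueError("truncated GIF") from None

def inspect_gif(data):
    """Report bytes after the GIF trailer and any ZIP members found there."""
    end = gif_end_offset(data)
    trailing, names = data[end:], []
    try:  # zipfile locates the archive by scanning back from the end
        names = zipfile.ZipFile(io.BytesIO(trailing)).namelist()
    except zipfile.BadZipFile:
        pass
    return {"gif_bytes": end, "trailing_bytes": len(trailing), "zip_members": names}

def build_sample():
    """Constructed polyglot: MINIMAL_GIF followed by an in-memory ZIP."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("secret.txt", "constructed test payload")
    return MINIMAL_GIF + buf.getvalue()
```

A well-formed GIF that reports a nonzero `trailing_bytes` deserves a closer look, whether or not the extra bytes parse as an archive.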

Uses for stego

So now that you know how to hide files in files, why would you do it? Here are a few uses for stego:

You suspect someone's illegally distributing your copyrighted PDFs or images, so you add hidden copyright information in them using stego tools to double-check.

You want to exchange information like passwords or sensitive images over an insecure transmission protocol, like email.

You want to embed secret files available only to a select few in a public forum.

You want to impress your friends and co-workers with your sneaky ways.